Instantly share code, notes, and snippets.

Embed
What would you like to do?
$data = Search-UnifiedAuditLog
-StartDate $startInterval
-EndDate $endInterval
-Operations FileAccessed, FilePreviewed, PageViewed, PageViewedExtended, SearchViewed, CompanyLinkUsed, SecureLinkUsed, FileDownloaded, FileModified, FileUploaded, FileDeleted, FolderModified, CompanyLinkCreated, SharingInheritanceBroken, ListUpdated, FileSyncDownloadedFull, FileSyncUploadedFull
-SessionId $sessionId
-SessionCommand ReturnLargeSet
-ResultSize 5000
## Start Date - Date and Time in local Computer Date Time format
## End Date - Date and Time in local Computer Date Time format
## Operations - For more information see here - https://docs.microsoft.com/en-gb/office365/securitycompliance/search-the-audit-log-in-security-and-compliance#sharing-and-access-request-activities
## Session Id - Essential for paging and handling when data goes more than threshold limit
## Session Command - Determines the size of the data returned
## ResultSize - 5000 seems to be the upper limit for a successfull data pull
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment